| import os, sys, zlib, traceback | |
| from Crypto.Cipher import AES | |
| from struct import unpack as up | |
| XORPAD = '3F99BB49B43CBBD339FE5FEA463316A8'.decode('hex') | |
| KEY = 'CAECB4CA65678965CBE67D7A3AFD228C'.decode('hex') | |
| IV = 'A65D5EA2D54AD0436DD46158C191361D'.decode('hex') | |
| def safe_open(path, mode): | |
| import os |
Hello! It's been a while since I've done any write-ups, but I thought I'd do one to (hopefully) bring a little clarity to a situation that's been causing a lot of confusion and misinformation.
I'm thinking I'll go through what the problem is and why it happens. So, I guess, let's dive in:
Some people are finding that upon updating to 17.0.0, their consoles are getting a blackscreen and refusing to boot further.
This is a short writeup of a fun (but ultimately pretty useless) attack I implemented on the Nintendo Switch a few months ago resulting in the recovery of some otherwise unobtainable RSA public keys. Since public keys aren't private keys, this is pretty useless, apart from letting us validate some signatures on PC. Even so, the attack is a pretty cool one, so I thought I'd write it up.
Every Switch gamecart has a unique certificate (called its "CERT"), storing an RSA signature followed by some kind of unknown but unique encrypted data. I was trying to reverse how these certificates work, and the obvious first step was to try to see how they were validated. However, when I tried looking through the FileSystem (FS) module, which should be responsible for validating these certificates, I found no references to the format at all. The "CERT" magic number was nowhere to be seen, and I couldn't find an RSA modulus that validated the signatures I had. This was in
| #define UNLOADED_FILE 1 | |
| #include <idc.idc> | |
| static main(void) | |
| { | |
| // set 'loading idc file' mode | |
| set_inf_attr(INF_GENFLAGS, INFFL_LOADIDC|get_inf_attr(INF_GENFLAGS)); | |
| GenInfo(); // various settings | |
| Segments(); // segmentation | |
| Enums(); // enumerations |
| #define UNLOADED_FILE 1 | |
| #include <idc.idc> | |
| static main(void) | |
| { | |
| // set 'loading idc file' mode | |
| set_inf_attr(INF_GENFLAGS, INFFL_LOADIDC|get_inf_attr(INF_GENFLAGS)); | |
| GenInfo(); // various settings | |
| Segments(); // segmentation | |
| Enums(); // enumerations |
| // | |
| // This file should be used in the following way: | |
| // - reload executable into IDA with using switch -c | |
| // - use File, Load IDC file and load this file. | |
| // | |
| // NOTE: This file doesn't contain all information from the database. | |
| // | |
| #define UNLOADED_FILE 1 | |
| #include <idc.idc> |
| // | |
| // This file should be used in the following way: | |
| // - reload executable into IDA with using switch -c | |
| // - use File, Load IDC file and load this file. | |
| // | |
| // NOTE: This file doesn't contain all information from the database. | |
| // | |
| #define UNLOADED_FILE 1 | |
| #include <idc.idc> |
| #define UNLOADED_FILE 1 | |
| #include <idc.idc> | |
| static main(void) | |
| { | |
| // set 'loading idc file' mode | |
| set_inf_attr(INF_GENFLAGS, INFFL_LOADIDC|get_inf_attr(INF_GENFLAGS)); | |
| GenInfo(); // various settings | |
| Segments(); // segmentation | |
| Enums(); // enumerations |
| #define UNLOADED_FILE 1 | |
| #include <idc.idc> | |
| static main(void) | |
| { | |
| // set 'loading idc file' mode | |
| set_inf_attr(INF_GENFLAGS, INFFL_LOADIDC|get_inf_attr(INF_GENFLAGS)); | |
| GenInfo(); // various settings | |
| Segments(); // segmentation | |
| Enums(); // enumerations |
| import binascii, sys, random, asn1 | |
| from fractions import gcd | |
| def extended_gcd(aa, bb): | |
| lastremainder, remainder = abs(aa), abs(bb) | |
| x, lastx, y, lasty = 0, 1, 1, 0 | |
| while remainder: | |
| lastremainder, (quotient, remainder) = remainder, divmod(lastremainder, remainder) | |
| x, lastx = lastx - quotient*x, x | |
| y, lasty = lasty - quotient*y, y |